Oja Market Hack
Medium | Purple Team | Web | 45 min
Challenge Description / Scenario
As a registered user, you must steal the admin session cookie via XSS, then forge a CSRF request to elevate your account. The flag is in the admin dashboard.
Submit Flags
3 questions — answer all to complete the challenge
200 pts
1. Where is the XSS injection point?
2. What is the stolen session cookie value?
3. Submit the admin dashboard flag.